imgcreate/creator.py | 9 ------
imgcreate/kickstart.py | 65 +++++++++++++++++++++++++++----------------------
imgcreate/yuminst.py | 1
3 files changed, 37 insertions(+), 38 deletions(-)
New commits:
commit 84b14777b7d9025a802e03008fcec670d4164f1f
Author: Brian C. Lane <bcl(a)redhat.com>
Date: Tue Oct 9 13:19:05 2012 -0700
add nocontexts for selinux (#858373)
We relabel everything after the install, so tell rpm not to use
selinux.
diff --git a/imgcreate/yuminst.py b/imgcreate/yuminst.py
index 97e5ecf..f753e8f 100644
--- a/imgcreate/yuminst.py
+++ b/imgcreate/yuminst.py
@@ -79,6 +79,7 @@ class LiveCDYum(yum.YumBase):
conf += "reposdir=\n"
conf += "failovermethod=priority\n"
conf += "keepcache=1\n"
+ conf += "tsflags=nocontexts\n"
f = file(confpath, "w+")
f.write(conf)
commit d72c04d6c3228de5e83eef94d8fca68398f0dab5
Author: Brian C. Lane <bcl(a)redhat.com>
Date: Tue Oct 30 16:39:46 2012 -0700
remove lokkit usage
Write to /etc/selinux/config instead of using lokkit.
Setup firewall with firewalld's firewall-offline-cmd
diff --git a/imgcreate/creator.py b/imgcreate/creator.py
index 891d6ef..0e5ed6b 100644
--- a/imgcreate/creator.py
+++ b/imgcreate/creator.py
@@ -607,13 +607,6 @@ class ImageCreator(object):
self._get_excluded_packages()):
ayum.deselectPackage(pkg)
- # if the system is running selinux and the kickstart wants it disabled
- # we need /usr/sbin/lokkit
- def __can_handle_selinux(self, ayum):
- file = "/usr/sbin/lokkit"
- if not kickstart.selinux_enabled(self.ks) and selinux.is_selinux_enabled() and not ayum.installHasFile(file):
- raise CreatorError("Unable to disable SELinux because the installed package set did not include the file %s" % (file))
-
def install(self, repo_urls = {}):
"""Install packages into the install root.
@@ -657,8 +650,6 @@ class ImageCreator(object):
self.__select_groups(ayum)
self.__deselect_packages(ayum)
- self.__can_handle_selinux(ayum)
-
ayum.runInstall()
except yum.Errors.RepoError, e:
raise CreatorError("Unable to download from repo : %s" % (e,))
diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py
index 1d8f5cf..7adb37a 100644
--- a/imgcreate/kickstart.py
+++ b/imgcreate/kickstart.py
@@ -175,23 +175,25 @@ class AuthConfig(KickstartConfig):
class FirewallConfig(KickstartConfig):
"""A class to apply a kickstart firewall configuration to a system."""
def apply(self, ksfirewall):
- if not os.path.exists(self.path("/usr/sbin/lokkit")):
- return
- args = ["/usr/sbin/lokkit", "-f", "--quiet", "--nostart"]
- if ksfirewall.enabled:
- args.append("--enabled")
-
- for port in ksfirewall.ports:
- args.append("--port=%s" %(port,))
- for svc in ksfirewall.services:
- args.append("--service=%s" %(svc,))
- for dev in ksfirewall.trusts:
- args.append("--trust=%s" %(dev,))
+ args = ["/usr/bin/firewall-offline-cmd"]
+ # enabled is None if neither --enable or --disable is passed
+ # default to enabled if nothing has been set.
+ if ksfirewall.enabled == False:
+ args += ["--disabled"]
else:
- args.append("--disabled")
+ args += ["--enabled"]
+
+ for dev in ksfirewall.trusts:
+ args += [ "--trust=%s" % (dev,) ]
+
+ for port in ksfirewall.ports:
+ args += [ "--port=%s" % (port,) ]
+
+ for service in ksfirewall.services:
+ args += [ "--service=%s" % (service,) ]
self.call(args)
-
+
class RootPasswordConfig(KickstartConfig):
"""A class to apply a kickstart root password configuration to a system."""
def unset(self):
@@ -426,17 +428,27 @@ class SelinuxConfig(KickstartConfig):
self.call(["/sbin/setfiles", "-p", "-e", "/proc", "-e", "/sys", "-e", "/dev", selinux.selinux_file_context_path(), "/"])
def apply(self, ksselinux):
- if os.path.exists(self.path("/usr/sbin/lokkit")):
- args = ["/usr/sbin/lokkit", "--quiet", "--nostart"]
+ selinux_config = "/etc/selinux/config"
+ if not os.path.exists(self.instroot+selinux_config):
+ return
- if ksselinux.selinux == ksconstants.SELINUX_ENFORCING:
- args.append("--selinux=enforcing")
- if ksselinux.selinux == ksconstants.SELINUX_PERMISSIVE:
- args.append("--selinux=permissive")
- if ksselinux.selinux == ksconstants.SELINUX_DISABLED:
- args.append("--selinux=disabled")
+ if ksselinux.selinux == ksconstants.SELINUX_ENFORCING:
+ cmd = "SELINUX=enforcing\n"
+ elif ksselinux.selinux == ksconstants.SELINUX_PERMISSIVE:
+ cmd = "SELINUX=permissive\n"
+ elif ksselinux.selinux == ksconstants.SELINUX_DISABLED:
+ cmd = "SELINUX=disabled\n"
+ else:
+ return
- self.call(args)
+ # Replace the SELINUX line in the config
+ lines = open(self.instroot+selinux_config).readlines()
+ with open(self.instroot+selinux_config, "w") as f:
+ for line in lines:
+ if line.startswith("SELINUX="):
+ f.write(cmd)
+ else:
+ f.write(line)
self.relabel(ksselinux)
commit 9260623205f51ab5d27a39734b55a20c80025b57
Author: Brian C. Lane <bcl(a)redhat.com>
Date: Mon Oct 29 17:32:01 2012 -0700
use locale.conf not sysconfig/i18n (#870805)
diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py
index c82dde3..1d8f5cf 100644
--- a/imgcreate/kickstart.py
+++ b/imgcreate/kickstart.py
@@ -131,7 +131,7 @@ class LanguageConfig(KickstartConfig):
def apply(self, kslang):
lang = kslang.lang or "en_US.UTF-8"
- f = open(self.path("/etc/sysconfig/i18n"), "w+")
+ f = open(self.path("/etc/locale.conf"), "w+")
f.write("LANG=\"" + lang + "\"\n")
f.close()
commit fa6a0a2ab7f7bc2c5a16622ac33ae446bf2b3d52
Author: Brian C. Lane <bcl(a)redhat.com>
Date: Mon Oct 29 17:26:40 2012 -0700
don't write clock (#870805)
diff --git a/imgcreate/kickstart.py b/imgcreate/kickstart.py
index b66367c..c82dde3 100644
--- a/imgcreate/kickstart.py
+++ b/imgcreate/kickstart.py
@@ -149,11 +149,6 @@ class TimezoneConfig(KickstartConfig):
tz = kstimezone.timezone or "America/New_York"
utc = str(kstimezone.isUtc)
- f = open(self.path("/etc/sysconfig/clock"), "w+")
- f.write("ZONE=\"" + tz + "\"\n")
- f.write("UTC=" + utc + "\n")
- f.close()
-
# /etc/localtime is a symlink with glibc > 2.15-41
if os.path.islink(self.path("/etc/localtime")):
os.unlink(self.path("/etc/localtime"))